Blue Team Tools Archives - Black Hills Information Security

00427_01072020_WebcastLetsTalkAboutElkBaby

Blue Team, Blue Team Tools, How-To, Informational, Webcasts Active Directory, applocker, Atomic Red Team, ATT&CK, ELK, Group Policies, Jordan Drysdale, Kent Ickler, Sysmon, Windows logging, Winlogbeat

Webcast: Let’s Talk About ELK Baby, Let’s Talk About You and AD

BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated followers seem to be much more interested in catching malware than learning how to be (please forgive this next statement) “l33t hax0rs.” Download slides: https://www.activecountermeasures.com/presentations/ […]

Podcast: Play in new window | Download

Subscribe: Android | RSS

Read the entire post here

Blue Team, Blue Team Tools, Informational, Password Cracking, Password Spray Darin Roberts, password policy, passwords

Passwords: Our First Line of Defense

Darin Roberts // “Why do you recommend a 15-character password policy when (name your favorite policy here) recommends only 8-character minimum passwords?” I have had this question posed to me a couple of times in the very recent past. There were 2 separate policies that were shown to me when asking these questions. First was […]

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, Red Team, Red Team Tools Certutil, Clip, Clipboard, Cmdkey, Curl, Microsoft, Net1, Sally Vandeven, Tar, Where, Whoami, Windows, Windows Command, Wslconfig

Rainy Day Windows Command Research Results

Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we have learned that Microsoft has some very interesting gems hiding in plain sight. Seriously, Microsoft seems to be making a concerted effort to add some […]

Read the entire post here

Blue Team, Blue Team Tools, Informational, Red Team, Webcasts Attack Tactics, Blue Team, DeepBlueCLI, DFIR, Incident Response, john strand, log analysis

Webcast: Attack Tactics 7 – The Logs You Are Looking For

Download presentation slides: https://www.activecountermeasures.com/presentations/ So we went through an attack in the BHIS Webcast, “Attack Tactics 5! Zero to Hero Attack.” Then we went through the defenses in a follow-up webcast, “Attack Tactics 6! Return of the Blue Team,” and now we need to have a talk about logs. Here is the deal, most of […]

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, Podcasts Attack Tactics, BHIS, Blue Team, Defenses, john strand, Jordan Drysdale, Kent Ickler, podcast

Podcast: Attack Tactics 6! Return of the Blue Team

Download slides: https://www.activecountermeasures.com/presentations In this webcast we walk through the step-by-step defenses to stop the attackers in every step of the way we showed in Attack Tactics Part 5!!! Originally recorded as a live webcast on May 16th, 2019Presented by: John Strand, Jordan Drysdale, Kent Ickler Join the BHIS Blog Mailing List – get notified when […]

Podcast: Play in new window | Download

Subscribe: Android | RSS

Read the entire post here

00377_03182019_PODCAST_TrackingAttackers

Blue Team, Blue Team Tools, Finding, How-To, Hunt Teaming, Informational, Podcasts ADHD, Black Hat, Cyber Deception, Honey Tokens, Honeypots, john strand, Tracking, training

BHIS PODCAST: Tracking attackers. Why attribution matters and how to do it.

In this BHIS podcast, originally recorded as a live webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens. We cover how to track with Word Web Bugs in ADHD, and cover the awesome toolkit from Thinkst. We also cover some of the legal ramifications involved in doing […]

Podcast: Play in new window | Download

Subscribe: Android | RSS

Read the entire post here

00376_03082019_WEBCAST_TrackingAttackers

Blue Team, Blue Team Tools, How-To, Informational, Webcasts Active Defense, ADHD, Cyber Deception, Honey Tokens, john strand, Thinkst, webcast

BHIS Webcast: Tracking Attackers. Why Attribution Matters and How To Do It.

In this BHIS webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens. We cover how to track with Word Web Bugs in ADHD and cover the awesome toolkit from Thinkst. We also cover some of the legal ramifications involved in doing this. Download slides: https://www.activecountermeasures.com/presentations/ I am covering this […]

Read the entire post here

00276_02222018_WEBCAST_TalesNetworkThreatHuntingTrenches

Blue Team Tools, Hunt Teaming, Webcasts Active Countermeasures, AI Hunter, bro, free tools, RITA, threat hunting

WEBCAST: Tales from the Network Threat Hunting Trenches

John Strand// In this webcast, John walks through a couple of cool things we’ve found useful in some recent network hunt teams. He also shares some of our techniques and tools (like RITA) that we use all the time to work through massive amounts of data. There are lots of awesome websites that can greatly […]

Read the entire post here

Blue Team, Blue Team Tools, Webcasts CredDefense, defense, defensive tool, Pentesting, tool, toolkit

WEBCAST: CredDefense Toolkit

Beau Bullock, Brian Fehrman, & Derek Banks // Pentesting organizations as your day-to-day job quickly reveals commonalities among environments. Although each test is a bit unique, there’s a typical path to “winning” that presents itself over and over. Expensive, difficult to configure, and cumbersome to maintain tools exist to help prevent and alert on some […]

Read the entire post here